Configure outbound transports

 


An outbound transport is the transport that is used to connect to a downstream server. When you configure the outbound transport, consider the transports that the downstream servers support. If you are considering Secure Sockets Layer (SSL), also consider including the signers of the downstream servers in this server's truststore file so that the handshake succeeds.

When you select an SSL configuration, that configuration points to keystore and truststore files that contain the necessary signers. If you configured client certificate authentication for this server by completing the following steps, then the downstream servers contain the signer certificate belonging to the server personal certificate:

  1. Click Security > Global security.

  2. Under Authentication, click Authentication protocols > CSIv2 outbound authentication.

Complete the following steps to configure the outbound transport panels.

  1. Select the type of transport and the SSL settings by clicking Security > Global security. Under Authentication, click Authentication Protocol > CSIv2 Outbound Transport. The transport type that you select is the transport that is used when connecting to downstream servers, so the downstream servers must support it. If you choose SSL-Supported, the transport that is used is negotiated during the connection. If both the client and server support SSL, always select the SSL-Supported option unless the request is considered a special request that does not require SSL, such as an object request broker (ORB) request.

  2. Click Security > SSL to specify the SSL settings that correspond to the SSL transport.

    This panel includes the SSL configuration of keystore files, truststore files, file formats, security levels, ciphers, cryptographic token selections, and so on. Verify that the truststore keyring file in the selected SSL configuration contains the signers for any downstream servers. Also, verify that the downstream servers contain the server signer certificates when outbound client certificate authentication is used.

  3. Select the SSL settings that are used for outbound requests to downstream Secure Authentication Service (SAS) servers. Click Security > Global security. Under Authentication, click Authentication Protocol > SAS Outbound transport. Remember that the SAS protocol allows interoperability with previous releases. When you configure the keystore and truststore files in the SSL configuration, make sure that these files have the correct information for interoperating with previous releases of WebSphere Application Server. For example, a previous release has a different personal certificate than the Version 6 release. If you use the keystore file from the Version 6 release, add the signer to the truststore file of the previous release. Also, extract the signer for the Version 6 release and import that signer into the truststore file of the previous release.
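The truststore check from step 2 can be scripted with `openssl`. This is an added example, not part of the product documentation; it assumes the truststore signers have been exported to a PEM bundle and each downstream server certificate is saved as a PEM file, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the truststore signers were exported to a PEM bundle, e.g.
#   keytool -list -rfc -keystore <truststore> -storepass <password> > signers.pem
# and each downstream server certificate is saved as a PEM file.

# check_signers SIGNERS_PEM CERT...
# Prints OK/MISSING per certificate; exit status = number of certificates
# that do not chain to a signer in the bundle. openssl may also consult its
# default CA directory (-no-CApath, and -no-CAstore on OpenSSL 3, disable that).
check_signers() {
    signers=$1; shift
    missing=0
    for cert in "$@"; do
        if openssl verify -CAfile "$signers" "$cert" >/dev/null 2>&1; then
            echo "OK      $cert"
        else
            issuer=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null)
            echo "MISSING $cert ($issuer)"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# make_demo_pki DIR: constructed sample data (two throwaway signers, one
# downstream certificate issued by each; the bundle holds signer A only).
make_demo_pki() {
    dir=$1; n=1
    for ca in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=Constructed Signer $ca" \
            -keyout "$dir/signer$ca.key" -out "$dir/signer$ca.pem" 2>/dev/null &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=downstream$n.example" \
            -keyout "$dir/downstream$n.key" -out "$dir/downstream$n.csr" 2>/dev/null &&
        openssl x509 -req -in "$dir/downstream$n.csr" -CA "$dir/signer$ca.pem" \
            -CAkey "$dir/signer$ca.key" -CAcreateserial -days 2 \
            -out "$dir/downstream$n.pem" 2>/dev/null || return 1
        n=$((n + 1))
    done
    cp "$dir/signerA.pem" "$dir/signers.pem"
}

# Demo on the constructed data: downstream1 is trusted, downstream2 is not.
demo=$(mktemp -d) && make_demo_pki "$demo"
check_signers "$demo/signers.pem" "$demo/downstream1.pem" "$demo/downstream2.pem" ||
    echo "downstream certificates without a trusted signer: $?"
rm -rf "$demo"
```

A `MISSING` line names the issuer whose signer certificate still has to be imported into the truststore before the outbound SSL handshake can succeed.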

Result

The outbound transport configuration is complete. With this configuration, you can configure a different transport for inbound security than for outbound security. For example, if the application server is the first server used by end users, the security configuration might be more secure. When requests go outbound to back-end enterprise bean servers, you might consider less security for performance reasons. With this flexibility, you can design a transport infrastructure that meets your needs.

 

What to do next

When you finish configuring security, perform the following steps to save, synchronize, and restart the servers.




